RCE


The target osCommerce instance running on the port Blueprint and 443 of the BLUEPRINT (10.10.136.191) host is vulnerable to an unauthenticated RCE due to its outdated version, 2.3.4.

Exploit


┌──(kali㉿kali)-[~/archive/thm/blueprint]
└─$ searchsploit -m php/webapps/50128.py
  Exploit: osCommerce 2.3.4.1 - Remote Code Execution (2)
      URL: https://www.exploit-db.com/exploits/50128
     Path: /usr/share/exploitdb/exploits/php/webapps/50128.py
    Codes: N/A
 Verified: False
File Type: Python script, ASCII text executable
Copied to: /home/kali/archive/thm/blueprint/50128.py

Exploit locally available.

Exploitation


Initial foothold established on the BLUEPRINT (10.10.136.191) host as SYSTEM via an unauthenticated RCE. System-level compromise.